
  • Mathematische Annalen, Math. Ann. 261, 515-534 (1982)

    © Springer-Verlag 1982

    Factoring Polynomials with Rational Coefficients

    A. K. Lenstra¹, H. W. Lenstra, Jr.², and L. Lovász³

    1 Mathematisch Centrum, Kruislaan 413, NL-1098 SJ Amsterdam, The Netherlands
    2 Mathematisch Instituut, Universiteit van Amsterdam, Roetersstraat 15, NL-1018 WB Amsterdam, The Netherlands
    3 Bolyai Institute, A. József University, Aradi vértanúk tere 1, H-6720 Szeged, Hungary

    In this paper we present a polynomial-time algorithm to solve the following problem: given a non-zero polynomial $f \in \mathbb{Q}[X]$ in one variable with rational coefficients, find the decomposition of $f$ into irreducible factors in $\mathbb{Q}[X]$. It is well known that this is equivalent to factoring primitive polynomials $f \in \mathbb{Z}[X]$ into irreducible factors in $\mathbb{Z}[X]$. Here we call $f \in \mathbb{Z}[X]$ primitive if the greatest common divisor of its coefficients (the content of $f$) is 1.

    Our algorithm performs well in practice, cf. [8]. Its running time, measured in bit operations, is $O(n^{12} + n^9(\log|f|)^3)$. Here $f \in \mathbb{Z}[X]$ is the polynomial to be factored, $n = \deg(f)$ is the degree of $f$, and

    $\left|\sum_i a_i X^i\right| = \left(\sum_i a_i^2\right)^{1/2}$

    for a polynomial $\sum_i a_i X^i$ with real coefficients $a_i$.

    An outline of the algorithm is as follows. First we find, for a suitable small prime number $p$, a $p$-adic irreducible factor $h$ of $f$, to a certain precision. This is done with Berlekamp's algorithm for factoring polynomials over small finite fields, combined with Hensel's lemma. Next we look for the irreducible factor $h_0$ of $f$ in $\mathbb{Z}[X]$ that is divisible by $h$. The condition that $h_0$ is divisible by $h$ means that $h_0$ belongs to a certain lattice, and the condition that $h_0$ divides $f$ implies that the coefficients of $h_0$ are relatively small. It follows that we must look for a "small" element in that lattice, and this is done by means of a basis reduction algorithm. It turns out that this enables us to determine $h_0$. The algorithm is repeated until all irreducible factors of $f$ have been found.

    The basis reduction algorithm that we employ is new, and it is described and analysed in Sect. 1. It improves the algorithm given in a preliminary version of [9, Sect. 3]. At the end of Sect. 1 we briefly mention two applications of the new algorithm to diophantine approximation.

    The connection between factors of $f$ and reduced bases of a lattice is treated in detail in Sect. 2. The theory presented here extends a result appearing in [8, Theorem 2]. It should be remarked that the latter result, which is simpler to prove, would in principle have sufficed for our purpose.


    Section 3, finally, contains the description and the analysis of our algorithm for factoring polynomials.

    It may be expected that other irreducibility tests and factoring methods that depend on diophantine approximation (Cantor [3], Ferguson and Forcade [5], Brentjes [2, Sect. 4A], and Zassenhaus [16]) can also be made into polynomial-time algorithms with the help of the basis reduction algorithm presented in Sect. 1.

    Splitting an arbitrary non-zero polynomial $f \in \mathbb{Z}[X]$ into its content and its primitive part, we deduce from our main result that the problem of factoring such a polynomial is polynomial-time reducible to the problem of factoring positive integers. The same fact was proved by Adleman and Odlyzko [1] under the assumption of several deep and unproved hypotheses from number theory.

    The generalization of our result to algebraic number fields and to polynomials in several variables is the subject of future publications.

    1. Reduced Bases for Lattices

    Let $n$ be a positive integer. A subset $L$ of the $n$-dimensional real vector space $\mathbb{R}^n$ is called a lattice if there exists a basis $b_1, b_2, \dots, b_n$ of $\mathbb{R}^n$ such that

    In this situation we say that $b_1, b_2, \dots, b_n$ form a basis for $L$, or that they span $L$. We call $n$ the rank of $L$. The determinant $d(L)$ of $L$ is defined by

    (1.1) $d(L) = |\det(b_1, b_2, \dots, b_n)|$,

    the $b_i$ being written as column vectors. This is a positive real number that does not depend on the choice of the basis [4, Sect. I.2].

    Let $b_1, b_2, \dots, b_n \in \mathbb{R}^n$ be linearly independent. We recall the Gram-Schmidt orthogonalization process. The vectors $b_i^*$ ($1 \le i \le n$) and the real numbers $\mu_{ij}$ ($1 \le j < i \le n$) are inductively defined by

    (1.2) $b_i^* = b_i - \sum_{j=1}^{i-1} \mu_{ij} b_j^*$,

    (1.3) $\mu_{ij} = (b_i, b_j^*)/(b_j^*, b_j^*)$,

    where $(\ ,\ )$ denotes the ordinary inner product on $\mathbb{R}^n$. Notice that $b_i^*$ is the projection of $b_i$ on the orthogonal complement of $\sum_{j=1}^{i-1} \mathbb{R} b_j$, and that $\sum_{j=1}^{i-1} \mathbb{R} b_j = \sum_{j=1}^{i-1} \mathbb{R} b_j^*$, for $1 \le i \le n$. It follows that $b_1^*, b_2^*, \dots, b_n^*$ is an orthogonal basis of $\mathbb{R}^n$.

    In this paper, we call a basis $b_1, b_2, \dots, b_n$ for a lattice $L$ reduced if

    (1.4) $|\mu_{ij}| \le 1/2$ for $1 \le j < i \le n$


    (1.5) $|b_i^* + \mu_{i\,i-1} b_{i-1}^*|^2 \ge \tfrac{3}{4} |b_{i-1}^*|^2$ for


    where $|\ |$ denotes the ordinary Euclidean length. Notice that the vectors $b_i^* + \mu_{i\,i-1} b_{i-1}^*$ and $b_{i-1}^*$ appearing in (1.5) are the projections of $b_i$ and $b_{i-1}$ on the orthogonal complement of $\sum_{j=1}^{i-2} \mathbb{R} b_j$. The constant $\tfrac{3}{4}$ in (1.5) is arbitrarily chosen, and may be replaced by any fixed real number $y$ with $\tfrac{1}{4} < y < 1$.

    (1.6) Proposition. Let $b_1, b_2, \dots, b_n$ be a reduced basis for a lattice $L$ in $\mathbb{R}^n$, and let $b_1^*, b_2^*, \dots, b_n^*$ be defined as above. Then we have

    (1.7) $|b_j|^2 \le 2^{i-1} \cdot |b_i^*|^2$ for $1 \le j \le i \le n$,


    (1.9) $|b_1| \le 2^{(n-1)/4} \cdot d(L)^{1/n}$.

    Remark. If $\tfrac{3}{4}$ in (1.5) is replaced by $y$, with $\tfrac{1}{4} < y < 1$, then the powers of 2 appearing in (1.7), (1.8) and (1.9) must be replaced by the same powers of $4/(4y-1)$.

    Remark. From (1.8) we see that a reduced basis is also reduced in the sense of [9, (7)].

    Proof of (1.6). From (1.5) and (1.4) we see that

    for l


    Remark. Notice that the proof of the inequality

    (1.10) $d(L) \le \prod_{i=1}^{n} |b_i|$

    did not require the basis to be reduced. This is Hadamard's inequality.

    (1.11) Proposition. Let $L \subset \mathbb{R}^n$ be a lattice with reduced basis $b_1, b_2, \dots, b_n$. Then

    $|b_1|^2 \le 2^{n-1} \cdot |x|^2$

    for every $x \in L$, $x \ne 0$.

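    Proof. Write $x = \sum_{i=1}^{n} r_i b_i = \sum_{i=1}^{n} r_i' b_i^*$ with $r_i \in \mathbb{Z}$, $r_i' \in \mathbb{R}$ ($1 \le i \le n$). If $i$ is the largest index with $r_i \ne 0$ then $r_i' = r_i$, so

    By (1.7), we have $|b_1|^2 \le 2^{i-1} \cdot |b_i^*|^2 \le 2^{n-1} \cdot |b_i^*|^2$. This proves (1.11).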

    (1.12) Proposition. Let $L \subset \mathbb{R}^n$ be a lattice with reduced basis $b_1, b_2, \dots, b_n$. Let $x_1, x_2, \dots, x_t \in L$ be linearly independent. Then we have

    for $j = 1, 2, \dots, t$.


    Proof. Write $x_j = \sum_{i=1}^{n} r_{ij} b_i$ with $r_{ij} \in \mathbb{Z}$ ($1 \le i \le n$) for $1 \le j \le t$. For fixed $j$, let $i(j)$ denote the largest $i$ for which $r_{ij} \ne 0$. Then we have, by the proof of (1.11),

    (1.13) $|x_j|^2 \ge |b_{i(j)}^*|^2$ for $1 \le j \le t$.

    Renumber the $x_j$ such that $i(1) \le i(2) \le \dots \le i(t)$. We claim that $j \le i(j)$ for $1 \le j \le t$. If not, then $x_1, x_2, \dots, x_j$ would all belong to $\mathbb{R} b_1 + \mathbb{R} b_2 + \dots + \mathbb{R} b_{j-1}$, a contradiction with the linear independence of $x_1, x_2, \dots, x_t$. From $j \le i(j)$ and (1.7) we obtain, using (1.13):

    for $j = 1, 2, \dots, t$. This proves (1.12).

    Remark. Let $\lambda_1, \lambda_2, \dots, \lambda_n$ denote the successive minima of $|\ |^2$ on $L$, see [4, Chap. VIII], and let $b_1, b_2, \dots, b_n$ be a reduced basis for $L$. Then (1.7) and (1.12) easily imply that

    $|b_i|^2 \le 2^{n-1} \lambda_i$ for $1 \le i \le n$,

    so $|b_i|^2$ is a reasonable approximation of $\lambda_i$.

    (1.14) Remark. Notice that the number $2^{n-1}$ may in (1.11) be replaced by $\max\{|b_1|^2/|b_i^*|^2 : 1 \le i \le n\}$ and in (1.12) by $\max\{|b_j|^2/|b_i^*|^2 : 1 \le j \le i$

    (1.15) We shall now describe an algorithm that transforms a given basis $b_1, b_2, \dots, b_n$ for a lattice $L$ into a reduced one. The algorithm improves the algorithm given in a preliminary version of [9, Sect. 3]. Our description incorporates an additional improvement due to J. J. M. Cuppen, reducing our running time estimates by a factor $n$.

    To initialize the algorithm we compute $b_i^*$ ($1 \le i \le n$) and $\mu_{ij}$ ($1 \le j$


    $b_k - r b_l$. The numbers $\mu_{kj}$ with $j < l$ are then replaced by $\mu_{kj} - r\mu_{lj}$, and $\mu_{kl}$ by $\mu_{kl} - r$; the other $\mu_{ij}$ and all $b_i^*$ are unchanged. This is repeated until (1.21) holds.

    Next we replace $k$ by $k+1$. Then we are in the situation described by (1.16) and (1.17), and we proceed with the algorithm from there.

    Notice that in the case $k = 1$ we have done no more than replacing $k$ by 2. This finishes the description of the algorithm. Below we shall prove that the algorithm terminates.
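The following is an added example, not code from the paper: a textbook formulation of the basis reduction of (1.15) in exact rational arithmetic, together with a checker for the conditions (1.4) and (1.5). It assumes row vectors and 0-based indices, recomputes the Gram-Schmidt data from scratch instead of using the update formulae of (1.22), and all function names and the sample basis are constructed for illustration.

```python
from fractions import Fraction

SAMPLE = [[1, 1, 1], [-1, 0, 2], [3, 5, 6]]  # constructed integer basis

def dot(u, v):
    return sum(Fraction(a) * b for a, b in zip(u, v))

def gram_schmidt(b):
    """Exact b*_i and mu_ij as defined in (1.2) and (1.3)."""
    n = len(b)
    bs, mu = [], [[Fraction(0)] * n for _ in range(n)]
    for i in range(n):
        v = [Fraction(x) for x in b[i]]
        for j in range(i):
            mu[i][j] = dot(b[i], bs[j]) / dot(bs[j], bs[j])
            v = [x - mu[i][j] * z for x, z in zip(v, bs[j])]
        bs.append(v)
    return bs, mu

def exchange_ok(bs, mu, i, y):
    """Condition (1.5) at index i; the two summands are orthogonal."""
    lhs = dot(bs[i], bs[i]) + mu[i][i - 1] ** 2 * dot(bs[i - 1], bs[i - 1])
    return lhs >= y * dot(bs[i - 1], bs[i - 1])

def is_reduced(b, y=Fraction(3, 4)):
    """True iff the basis satisfies both (1.4) and (1.5)."""
    bs, mu = gram_schmidt(b)
    n = len(b)
    size_ok = all(abs(mu[i][j]) <= Fraction(1, 2)
                  for i in range(n) for j in range(i))
    return size_ok and all(exchange_ok(bs, mu, i, y) for i in range(1, n))

def lll(basis, y=Fraction(3, 4)):
    """Reduce linearly independent integer rows; returns a new basis."""
    b = [list(v) for v in basis]
    k = 1
    while k < len(b):
        for l in range(k - 1, -1, -1):        # enforce (1.4) for row k
            r = round(gram_schmidt(b)[1][k][l])
            b[k] = [x - r * z for x, z in zip(b[k], b[l])]
        bs, mu = gram_schmidt(b)
        if exchange_ok(bs, mu, k, y):
            k += 1                            # (1.5) holds, advance
        else:
            b[k - 1], b[k] = b[k], b[k - 1]   # exchange, step back
            k = max(k - 1, 1)
    return b

if __name__ == "__main__":
    print(lll(SAMPLE), is_reduced(lll(SAMPLE)))
```

On the sample basis the first output vector has squared length 1, which can be compared against the bound of (1.11) for any non-zero lattice vector.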

    (1.22) For the sake of completeness we now give the formulae that are needed in case 1. Let $b_1, b_2, \dots, b_n$ be the current basis and $b_i^*$, $\mu_{ij}$ as in (1.2) and (1.3). Let $k$ be the current subscript for which (1.16), (1.17), (1.18), and (1.19) hold. By $c_i$, $c_i^*$, and $\nu_{ij}$ we denote the vectors and numbers that will replace $b_i$, $b_i^*$, and $\mu_{ij}$, respectively. The new basis $c_1, c_2, \dots, c_n$ is given by

    $c_{k-1} = b_k$, $c_k = b_{k-1}$, $c_i = b_i$ for $i \ne k-1, k$.

    Since $c_{k-1}^*$ is the projection of $b_k$ on the orthogonal complement of $\sum_{j=1}^{k-2} \mathbb{R} b_j$ we have, as announced:

    [cf. the remark after (1.5)]. To obtain $c_k^*$ we must project $b_{k-1}^*$ on the orthogonal complement of $\mathbb{R} c_{k-1}^*$. That leads to

    - i

    For $i \ne k-1, k$ we have $c_i^* = b_i^*$. Let now $i > k$. To find $\nu_{i\,k-1}$ and $\nu_{ik}$ we substitute


    in $b_i = b_i^* + \sum_{j=1}^{i-1} \mu_{ij} b_j^*$. That yields

    Finally, we have

    for $1 \le j < k-1$, and $\nu_{ij} = \mu_{ij}$ if $1 \le j < i \le n$, $\{i, j\} \cap \{k-1, k\} = \emptyset$.

    We remark that after the initialization stage of the algorithm it is not necessary to keep track of the vectors $b_i^*$. It suffices to keep track of the numbers $|b_i^*|^2$, in addition to $\mu_{ij}$